It didn't take long for the bad guys to cash in on the confusion surrounding so-called faulty Windows patches. Cisco Security Intelligence Operations is reporting significant activity of spam e-mail messages that claim to offer a fix for security flaws in various Microsoft products.
This spam comes in a week where flaws in security updates affecting Windows were reported by security company Prevx, then denied by Microsoft and finally retracted by Prevx, leading to the security company issuing a public apology. Users, however, remain unconvinced that the November Patch Tuesday security patches were not to blame for an increase in occurrences of the black screen of death. Many readers have posted personal accounts of their own black screens of death, which they attribute to the patches.
The situation is ripe for spammers, who are using that fear to tempt users into downloading malicious software. Cisco reports that text in the e-mail message instructs the recipient to click on a link to download updates that will fix security issues in Microsoft Internet Explorer, Windows XP, Windows Vista, or Windows 7. However, the link downloads an .exe file that attempts to install malicious software on the user's system.
Cisco reports that the following text is a sample of the e-mail message that is associated with this threat outbreak:
Subject: URGENT!!Microsoft Updates!
Message Body:
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859- 1
From: supportmicrosoft.com
Message-Id: <20091203080449.1 995838E2920teks aid.joinvps.c om
Date: Thu, 3 Dec 2009 08:04:49 +0000 (IJTjH ello,A few microsoft products have been found to have ome holes in them allowing hackers to take over and control users PC. f you are running: Microsoft Internet Explorer, Windows XP, Windows =ista, or Windows 7 then you are at risk of losing your computer and all f your datakbr bIf you have not already got the pdate goto this link: httplfmssupport.sytes.et/lipdater.exe or this link: http :/ftinyur1.com/microsof-up dater and get the Updater to fix the holes to protect yourself team. Thanks, Microsoft Support Team.
Cisco is reporting the outbreak because it owns the IronPort spam and anti-malware product. IronPort's security operations center analysts examine real-world e-mail traffic from over 100,000 contributing organizations worldwide. Cisco says the spam attack is a "hot" one in the wild and that potential damage from it is moderate. The attack is being kept in check because the spam should be fairly easy to spot with enterprise-class malware detection products like IronPort.
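The traits that make this message easy to spot can be checked mechanically: mail that presents itself as a Microsoft update but links to a non-Microsoft host, or straight to an executable. The following is an added sketch, not Cisco's or IronPort's detection logic; the trusted-domain list, the function names and the sample message (which uses example.net/example.org placeholders) are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: a short allow-list for this sketch, not a complete list.
TRUSTED_SUFFIXES = ("microsoft.com", "windowsupdate.com")
EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".bat")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def host_is_trusted(host):
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def lure_indicators(raw):
    """Return (url, reason) pairs for links that fit the fake-update pattern."""
    msg = message_from_string(raw)
    # The From header is trivially forged; it is used only as the *claim* being made.
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    claims_vendor = (host_is_trusted(sender_domain)
                     or "microsoft" in msg.get("Subject", "").lower())
    body = ""
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            body += data.decode(part.get_content_charset() or "latin-1", "replace")
    findings = []
    for url in URL_RE.findall(body):
        parsed = urlparse(url)
        if claims_vendor and not host_is_trusted(parsed.hostname):
            findings.append((url, "vendor-branded mail links to non-vendor host"))
        if parsed.path.lower().endswith(EXECUTABLE_EXT):
            findings.append((url, "link points directly at an executable"))
    return findings

# Constructed sample modelled on the message above, with placeholder hosts.
SAMPLE = """\
MIME-Version: 1.0
Content-Type: text/html; charset=iso-8859-1
From: support@microsoft.com
Subject: URGENT!!Microsoft Updates!

<html><body>Hello, get the update here:
<a href="http://updates.example.net/updater.exe">updater</a> or
<a href="http://short.example.org/ms-updater">this link</a></body></html>
"""

if __name__ == "__main__":
    for url, reason in lure_indicators(SAMPLE):
        print(f"{reason}: {url}")
```

The shortened link is flagged only because its host is off the allow-list; a production filter would also resolve redirects before judging the final destination.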
On the other hand, attacks against Windows are so popular because many of the naive masses have made Windows their operating system of choice. (Per comment below: By the term "naive masses" I mean that those who are least computer literate are most likely to use Windows and it would only be someone naive that would fall for such a scam as this one.) Even with such a poorly crafted e-mail attack as the one above, how many moms, pops and grandparents could fall prey?
Julie Bort is the editor of Microsoft Subnet and Network World's Online Community Editor. She also writes the Open Source Subnet blog and is the editor responsible for the Cisco Subnet and Open Source Subnet web sites. If you have an idea for a blog, or a news tip on Microsoft, Cisco or Open Source technologies, contact her at jbort@nww.com, 970-482-6454 or follow Julie on Twitter @Julie188.